Restricted-use authentication codes

ABSTRACT

Embodiments related to a restricted-use authentication code are disclosed. One disclosed embodiment provides a method of generating a representation of a restricted-use authentication code for detection by another computing device to authenticate the other computing device to a remote service. The method includes receiving authentication information, the authentication information comprising a restricted-use authentication code and generating a representation of the authentication information. The method further includes presenting the representation of the authentication information to a sensor system of the other computing device for authentication.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.13/748,408, filed Jan. 23, 2013, the entire contents of which is herebyincorporated herein by reference for all purposes.

BACKGROUND

Setting up some types of computing systems, such as gaming consoles, mayinvolve entering strings of characters, such as user names, userpasswords, wireless settings, wireless passwords, and other informationto authenticate the computing system and connect the computing system toa wireless network. However, some such computing systems may utilizeuser input devices not primarily designed for the input of characterstrings. For example, a video game controller may not include controlstailored for entry of alphanumeric or other character-based inputs, butinstead may include directional and trigger-type controls. Therefore,entering character strings for such computing devices may betime-consuming and cumbersome.

SUMMARY

Embodiments are disclosed herein that relate to the generation and useof authentication codes for authenticating a computing device. Forexample, one disclosed embodiment includes receiving authenticationinformation at a mobile device, the authentication information includinga restricted-use authentication code configured to be expired after use,and generating a representation of the authentication information viathe mobile device. The method further comprises presenting theauthentication information via the mobile device to a sensor system ofanother computing device for authentication of the other computingdevice.

This Summary is provided to introduce a selection of concepts in asimplified form that are further described below in the DetailedDescription. This Summary is not intended to identify key features oressential features of the claimed subject matter, nor is it intended tobe used to limit the scope of the claimed subject matter. Furthermore,the claimed subject matter is not limited to implementations that solveany or all disadvantages noted in any part of this disclosure.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a use environment for performing authentication inaccordance with an embodiment of the present disclosure.

FIG. 2 shows an example user interface for a mobile device to receive aninput of user information for the authentication of another computingdevice in accordance with an embodiment of the present disclosure.

FIG. 3 shows an example user interface of the mobile device of FIG. 2for sending a request to a remote service to obtain a restricted-useauthentication code in accordance with an embodiment of the presentdisclosure.

FIG. 4 shows an example representation of authentication informationdisplayed on the mobile device of FIG. 2 in accordance with anembodiment of the present disclosure.

FIG. 5 schematically shows an example authentication system inaccordance with an embodiment of the present disclosure.

FIG. 6 shows example communications between elements of the system ofFIG. 5 in accordance with an embodiment of the present disclosure.

FIGS. 7A and 7B show embodiments of methods of performing anauthentication via a restricted-use authentication code in accordancewith an embodiment of the present disclosure.

FIG. 8 shows example communications between elements of the system ofFIG. 5 in accordance with another embodiment of the present disclosure.

FIG. 9 shows a block diagram of an example computing system inaccordance with an embodiment of the present disclosure.

DETAILED DESCRIPTION

As mentioned above, setting up a device, such as a smart phone, a tabletcomputer, a personal computer, a mobile computing device, and/or anyother suitable computing device, may involve inputting strings ofcharacter-based data, such as a user name, password, wireless settingsinformation, device and/or application identifiers, etc. In someinstances, these inputs may be provided, for example, by using ajoystick and/or directional pad to individually scroll through andselect each character on a keyboard displayed on a display device.Similar processes may be repeated for associating an additional userprofile and/or a companion device (e.g. a tablet computer, a smartphone, etc.) with the gaming console, for purchasing content via thegaming console, and/or for other functions.

Thus, embodiments are disclosed herein that relate to facilitating userexperiences surrounding such functions. Briefly, the disclosedembodiments allow a user to enter information via a second computingdevice, such as phone, notepad or tablet computer, laptop computer,etc., to perform a function via a first computing device, such asinitial setup authentication, additional user authentication, contentpurchasing, etc. The information entered via the second device is sentto a remote service, which produces an authentication code and sends theauthentication code to the second device. The second device may then beused to present the authentication code to the first device, forexample, as an image and/or audio output, in order to authenticate thefirst device with the remote service. After the authentication code isused, the remote service expires the code in order to preventunauthorized parties from later accessing and utilizing theauthentication code.

FIG. 1 shows an example use environment 100 for performing suchauthentication processes. The use environment 100 includes a firstcomputing device 102, which may represent any suitable computing device,including but not limited to a gaming console, a personal computingdevice, a mobile computing device, etc. The first computing device 102may be communicatively connected with other devices, such as a displaydevice 104 for providing output images and a sensor system 106 forreceiving inputs. The sensor system 106 may comprise any suitablesensors, including but not limited to one or more depth cameras, one ormore two-dimensional cameras, and/or one or more microphones. The firstcomputing device 102 may also receive input from a hand-held user inputdevice 108. The hand-held user input device 108 may comprise anysuitable user input device, including but not limited to a gamecontroller, a mouse, a motion sensor, etc. The use environment 100 alsoincludes a second computing device 110, and a user 112. The secondcomputing device 110 may represent any suitable computing device,including but not limited to a mobile device (e.g. smartphone, tabletcomputer, notepad computer, laptop computer), a desktop computer, etc.Further, the second computing device 110 may include additional and/ordifferent input mechanisms in comparison to those utilized by the firstcomputing device 102.

The first computing device 102 and the second computing device 110 maycommunicate with a network-accessible service 114 via a network 116(e.g. a computer network and/or a cellular phone network). As explainedin more detail below, the network-accessible service may be used toauthenticate the first computing device via user inputs made via thesecond computing device. The first computing device 102 may alsocommunicate with the second computing device 110 via one or moresuitable wireless and/or wired communication protocols, including butnot limited to WiFi, Wifi direct, Bluetooth, Near Field Communication(NFC), etc.

As mentioned above, a user may perform authentication processes for thefirst computing device 102 via user inputs made via the second computingdevice 110. FIGS. 2-4 show examples of user interfaces on an examplemobile device 202 as a user proceeds a process of authenticating a firstcomputing device via the mobile device 202. It will be understood that,in some embodiments, the mobile device 202 may correspond to the secondcomputing device 110 shown in FIG. 1. First, as illustrated in FIG. 2,the user may interact with an application on the mobile device todisplay a user interface 204 with which the user may enter informationvia touch via a software (or hardware) keyboard. The user may enter anysuitable information, including but not limited to the depicted user IDand password for a network-accessible service, such as service 114 ofFIG. 1. Upon entering a valid user ID and password, the user may belogged in to the remote service.

After logging in, the user may indicate that another computing device isready to be setup and/or associated with the user. Thus, as illustratedin FIG. 3, the mobile device 202 and/or the application running on themobile device 202 may provide a user interface control 302 uponindication that the user wishes to setup or otherwise authenticateanother computing device. In response to the user selecting the userinterface control 302, the mobile device sends a request the remoteservice for a restricted-use authentication code, wherein the term“restricted-use” signifies that the code is expired upon the occurrenceof one or more designated events. Examples of expiration events include,but are not limited to, use of the authentication code and expiration ofa preselected period of time from code generation.

Upon receipt of the restricted-use authentication code, the mobiledevice 202 then generates a representation of the restricted-useauthentication code, and potentially of other authenticationinformation, for presentation to the first computing device. FIG. 4illustrates an example of a representation of authentication information402, in the form of an optically readable tag comprising a graphicalcode displayed on a display screen of the mobile device 202. It will beunderstood that the authentication information may be presented in anysuitable manner. For example, the authentication code may be presentedvisually as one or more alphanumeric characters, a Universal ProductCode (UPC), a Quick Response (QR) code, and/or any other suitable imagethat may be decoded by another computing device. A visual authenticationcode, as described above, may also be presented physically. For examplethe visual authentication code may be printed or otherwise recorded on aphysical medium, such as paper, a product packaging material, or anyother suitable material.

The authentication information may also be presented as an audiorepresentation comprising one more audio signals decodable by anothercomputing device. In some embodiments, the representation ofauthentication information may include both visual and audio elements.Additionally, the representation may be a digital representationtransmittable by other direct communications channel than visual andaudio channels, such as a NFC channel, Bluetooth channel, WiFi directchannel, etc. In some embodiments, the authentication information maypresented using a combination of multiple devices, media, methods, etc.For example, authentication information may be transmitted from onedevice to another device via a network (e.g., emailed from one user toanother user) and printed from the other device onto a sheet of paper.As another example, authentication information may be presented by massproducing and distributing a representation of the authenticationinformation with product packaging and/or as a standalone product. Insome embodiments, the authentication information may be used inconjunction with a sweepstakes, giveaway, contest, and/or otherpromotional campaign.

FIG. 5 shows a block diagram of an authentication system 500 inaccordance with an embodiment of the present disclosure. Theauthentication system 500 comprises a mobile device 502 thatcommunicates with a network-accessible service 504 to authenticate acomputing system 506. The mobile device 502 includes a sign-in module508 for receiving an input of account login information and sending theaccount login information to a corresponding account access module 510of the network-accessible service 504. In response, the account accessmodule 510 may authenticate the user, and thus allow the mobile device502 to access information and perform actions related to an account ofthe user.

The mobile device 502 also includes an initial setup determinationmodule 512 for determining whether a computing system is being setup forthe first time. The initial setup determination module 512 may determinethis in any suitable manner, such as by displaying a graphical userinterface element requesting this information and receiving a user inputin response. If it is determined that the computing system 506 is beingsetup for the first time, the initial setup determination module 512 mayinvoke one or more modules relating to initial setup processes. As shownin FIG. 5, one example of a module relating to initial setup of acomputing device includes a wireless settings input module 514. Thewireless settings input module 514 may receive a user input of wirelesssettings information usable to wirelessly connect the computing systemto a network.

The mobile device 502 further comprises a code representation generationmodule 516. As shown in FIG. 3, the code representation generationmodule 516 may present a user the option to instruct the mobile device502 to request an authentication code from the network-accessibleservice 504, to receive the authentication code from thenetwork-accessible service 504, and to generate a representation ofauthentication information including the authentication code. To obtainthe authentication code, the code representation generation module 516may communicate with a code generation module 518 of network-accessibleservice 504 to request and receive an authentication code from thenetwork-accessible service 504. Turning briefly to FIG. 6, which showsexample communications between a mobile device, a network-accessibleservice, and a computing system, the request sent by the coderepresentation generation module 516 to the code generation module 518is illustrated as authentication code request 602.

Upon receipt of this request, the code generation module 518 may producea restricted-use authentication code. Further, the code generationmodule 518 also may encode other information, such as wireless networksettings, received from the mobile device 502. Referring briefly againto FIG. 6, the code generation module 518 is illustrated at 604 assending the authentication information, including the restricted-useauthentication code and potentially other information, to theauthentication code representation generation module 516.

The code generation module 518 also may communicate with various othermodules, such as code expiration module 520 and a companion associationmodule 522. The code expiration module 520 may be configured to expirethe authentication code produced by the code generation module 518 afterthe code is used by the computing system 506. Likewise, the companionassociation module 522 may be configured to associate a companionapplication and/or a companion device (e.g. mobile device 502) withanother computing system being authenticated (e.g. computing system506).

In response to receiving the authentication code from the codegeneration module 518, the code representation generation module 516 maygenerate a representation 524 of the authentication information forpresentation to the computing system 506. As mentioned above, theauthentication information may include any suitable information inaddition to the authentication code, including but not limited towireless settings information, user identification, user accountidentification and/or password, transaction information (e.g. related tocontent purchased by the user), etc. Also as mentioned above, therepresentation 524 of the authentication information may take anysuitable form, including but not limited to visual and/or audiorepresentations.

Next, the representation 524 of authentication information may bepresented to the computing system 506 for capture by a sensor from whichthe computing system 506 receives input, as illustrated at 606 in FIG.6. For example, the computing system 506 may include a coderepresentation reader 528 for detecting and decoding the representation524 to obtain the authorization information. Depending upon the contentof the authorization information, the code representation reader 528 maypass all or some of the decoded authentication information to an initialsetup module 530. If it is determined that an initial setup is to beperformed, the wireless configuration module 532 may be provided withwireless settings information received via the authorizationinformation, and thus may configure the wireless settings of computingsystem 506 to connect to a wireless network.

Further, the initial setup module 530 and/or wireless configurationmodule 532 may invoke a verification request module 534. Theverification request module 534 may be configured to send all or some ofthe authentication information decoded by the code representation reader528 to a code verification module 536 of the network-accessible service504 to verify that the authentication code was received and transmittedto the network-accessible service, as shown at 608 of FIG. 6.

The code verification module 526 may query the code expiration module520 to expire the authentication code, such that the authentication codeis not available for any further use. Further, the code verificationmodule 536 may send a confirmation of authentication to the computingsystem 506, as shown at 610 of FIG. 6, thereby completing authenticationof computing system 506. Further, information regarding the identitiesof the mobile device 502 and the computing system 506 may be stored bycompanion association module 522 so that the paired relationship betweenthese devices is stored in association with the user account.

FIGS. 7A and 7B show a flow diagram depicting an embodiment of a method700 of performing an authentication process, and illustrates processesperformed by each of a mobile device 702, a network-accessible service704, and a computing system 706. Method 700 comprises, at 708 receivinguser input at mobile device 702. As indicated at 710 and 712, the userinput may include user account information and/or wireless settings,respectively. As such information may be in the form of alphanumericstrings, the user may utilize an input mechanism on the mobile deviceconfigured to facilitate such character input, such as a hardware orsoftware keyboard. While shown in FIGS. 7A-7B in the context of a mobiledevice, it will be understood that any other suitable computing devicemay be used.

The user input also may include any other suitable information, such asinformation regarding item purchased by a user. For example, if a userpurchases a game to play on the computing system, the purchaseinformation may include a product code or other information identifyingand authenticating the purchase.

After receiving user input, the mobile device 702 may send a request foran authentication code, as indicated at 714. The network-accessibleservice 704 may receive the request for the authentication code at 716,generate the authentication code at 718, and send the authenticationcode to the mobile device at 720, potentially with other authenticationinformation. For example, as indicated at 722, in some embodiments, theauthentication code may include code expiration information. The codeexpiration information may specify, for example, an expiration timethreshold for the authentication code, such that the restricted-useauthentication code may be expired in response to an amount of timeelapsing that is greater than the expiration threshold. The codeexpiration information may also comprise any other suitable informationfor expiring the authentication code.

Method 700 further comprises receiving the authentication code at themobile device 702, as indicated at 724. The mobile device then maygenerate a representation of the authentication code, and potentially ofother authentication information at 726. The representation may take anysuitable form. For example, the authentication information may bepresented as an image representation and/or an audio representation, asindicated at 728 and 730, respectively.

After generating the representation of the authentication information,method 700 further comprises presenting the representation of theauthentication information to the computing system 706, as indicated at732. For example, where the representation includes an imagerepresentation, then the mobile device 702 may display the imagerepresentation, as indicated at 734. Likewise, if the representationincludes an audio representation, the mobile device 702 may output theaudio representation via speaker, as indicated at 736.

Next at 738, method 700 includes detecting, via data acquired via one ormore sensors, the representation of the authentication information atthe computing system. Example sensors include, but are not limited to,an image sensor 740 (e.g. a two-dimensional image sensor or depthsensor) and an audio sensor 742. In some embodiments, additional and/oralternative sensors may be configured to detect a representation ofauthentication information from the mobile device 702. Further, thesensor(s) may be integrated within and/or communicatively connected tothe computing system 706.

At 744, method 700 includes decoding the representation of theauthentication information, thereby obtaining the authenticationinformation. The computing system 706 then may identify theauthentication code, and send an authentication request comprising theauthentication code to the network-accessible service 704, as indicatedat 746. As indicated at 750, the authentication request may optionallycomprise one or more portions of the authentication information,including purchase information relating to an item purchased by a userin order to validate the purchase information with thenetwork-accessible service 704.

The method 700 further includes receiving, at the network-accessibleservice 704, the authentication request comprising the authenticationcode at 752. After receiving the authentication request, thenetwork-accessible service 704 may authenticate the computing system asbeing associated with the user. On the other hand, if the authenticationcode is not determined to be valid, authentication may be denied. Asindicated at 756, in some embodiments, the network-accessible service704 may further associate the mobile device with the computing systembased upon receiving the authentication code.

Method 700 further includes expiring the authentication code at 758after authenticating the computing device. In this manner, an image orother representation of the authentication code improperly obtained fromthe mobile device may not be used to authenticate any other devices.Method 700 further includes sending a confirmation of authentication tothe computing system at 760.

As indicated at 762, the computing system 706 receives the confirmationof the authentication request, and in response, associates the user withthe computing system at 764. For example, the computing device mayaccess user account and/or user account profile information on thecomputing system. The computing system 706 may also associate itselfwith the mobile device 702 and/or an application running on the mobiledevice, as indicated at 766. Additionally, the computing device mayutilize wireless settings transmitted as authentication information toconnect to a wireless network.

FIG. 8 illustrates another example embodiment of restricted-useauthentication in which the computing system is already associated withthe user of a mobile device. Such authentication may be used, forexample, in the purchase of content for the computing system, to addanother user account to the computing system, etc. As indicated at 802,an authentication code request is sent from a mobile device to anetwork-accessible service in order to initiate a handshake operationfor authenticating a computing system. In response, thenetwork-accessible service may send authentication informationcomprising an authentication code to both the mobile device and thecomputing system, as indicated at 804 a and 804 b, respectively.

Next, method 800 comprises sending the authentication information fromthe mobile device to the computing system indicated at 806. For example,as described above, the authentication information may be presented tothe computing system in the form of a graphical representation of theauthentication information and/or an audio representation. In response,the computing system may perform the authentication locally, and send anindication of a successful authentication to the network-accessibleservice in the form of the authorization indicated at 808.

In some embodiments, the methods and processes described herein may betied to a computing system of one or more computing devices. Inparticular, such methods and processes may be implemented as acomputer-application program or service, an application-programminginterface (API), a library, and/or other computer-program product.

FIG. 9 schematically shows a non-limiting embodiment of a computingsystem 900 that can enact one or more of the methods and processesdescribed above. The computing system 900 is shown in simplified form.The computing system 900 may take the form of one or more gamingconsoles, mobile communication devices (e.g., smart phone), mobilecomputing devices, tablet computers, server computers,home-entertainment computers, network computing devices, personalcomputers, and/or other computing devices.

The computing system 900 includes a logic machine 902 and a storagemachine 904. The computing system 900 may optionally include a displaysubsystem 906, an input subsystem 908, a communication subsystem 910,and/or other components not shown in FIG. 9.

The logic machine 902 includes one or more physical devices configuredto execute instructions. For example, the logic machine may beconfigured to execute instructions that are part of one or moreapplications, services, programs, routines, libraries, objects,components, data structures, or other logical constructs. Suchinstructions may be implemented to perform a task, implement a datatype, transform the state of one or more components, achieve a technicaleffect, or otherwise arrive at a desired result.

The logic machine may include one or more processors configured toexecute software instructions. Additionally or alternatively, the logicmachine may include one or more hardware or firmware logic machinesconfigured to execute hardware or firmware instructions. Processors ofthe logic machine may be single-core or multi-core, and the instructionsexecuted thereon may be configured for sequential, parallel, and/ordistributed processing. Individual components of the logic machineoptionally may be distributed among two or more separate devices, whichmay be remotely located and/or configured for coordinated processing.Aspects of the logic machine may be virtualized and executed by remotelyaccessible, networked computing devices configured in a cloud-computingconfiguration.

The storage machine 904 includes one or more physical devices configuredto store and hold instructions (e.g., computer-readable instructions)executable by the logic machine to implement the methods and processesdescribed herein. For example, the logic machine 902 may be in operativecommunication with a sensor interface (e.g. an interface of the sensorsystem 106 of FIG. 1), and the storage machine 904. When such methodsand processes are implemented, the state of the storage machine 904 maybe transformed—e.g., to hold different data.

The storage machine 904 may include removable and/or built-in devices.The storage machine 904 may include optical memory (e.g., CD, DVD,HD-DVD, Blu-Ray Disc, etc.), semiconductor memory (e.g., RAM, EPROM,EEPROM, etc.), and/or magnetic memory (e.g., hard-disk drive,floppy-disk drive, tape drive, MRAM, etc.), among others. Storagemachine 904 may include volatile, nonvolatile, dynamic, static,read/write, read-only, random-access, sequential-access,location-addressable, file-addressable, and/or content-addressabledevices.

It will be appreciated that the storage machine 904 includes one or morephysical devices. However, aspects of the instructions described hereinalternatively may be propagated by a communication medium (e.g., anelectromagnetic signal, an optical signal, etc.).

Aspects of the logic machine 902 and the storage machine 904 may beintegrated together into one or more hardware-logic components. Suchhardware-logic components may include field-programmable gate arrays(FPGAs), program- and application-specific integrated circuits(PASIC/ASICs), program- and application-specific standard products(PSSP/ASSPs), system-on-a-chip (SOC), and complex programmable logicdevices (CPLDs), for example.

When included, the display subsystem 906 may be used to present a visualrepresentation of data held by the storage machine 904. This visualrepresentation may take the form of a graphical user interface (GUI). Asthe herein described methods and processes change the data held by thestorage machine, and thus transform the state of the storage machine,the state of display subsystem 906 may likewise be transformed tovisually represent changes in the underlying data. The display subsystem906 may include one or more display devices utilizing virtually any typeof technology. Such display devices may be combined with the logicmachine 902 and/or the storage machine 904 in a shared enclosure, orsuch display devices may be peripheral display devices.

When included, the input subsystem 908 may comprise or interface withone or more user-input devices such as a touch screen, keyboard, mouse,microphone, or game controller. For example, the input subsystem mayinclude or interface with the first computing device 102 and/or thesecond computing device 110 of FIG. 1. In some embodiments, the inputsubsystem may comprise or interface with selected natural user input(NUI) componentry. Such componentry may be integrated or peripheral, andthe transduction and/or processing of input actions may be handled on-or off-board. Example NUI componentry may include a microphone forspeech and/or voice recognition; an infrared, color, stereoscopic,and/or depth camera for machine vision and/or gesture recognition; ahead tracker, eye tracker, accelerometer, and/or gyroscope for motiondetection and/or intent recognition; as well as electric-field sensingcomponentry for assessing brain activity.

When included, the communication subsystem 910 may be configured tocommunicatively couple the computing system 900 with one or more othercomputing devices. The communication subsystem 910 may include wiredand/or wireless communication devices compatible with one or moredifferent communication protocols. As non-limiting examples, thecommunication subsystem may be configured for communication via awireless telephone network, or a wired or wireless local- or wide-areanetwork. In some embodiments, the communication subsystem may allow thecomputing system 900 to send and/or receive messages to and/or fromother devices via a network such as the Internet.

It will be understood that the configurations and/or approachesdescribed herein are exemplary in nature, and that these specificembodiments or examples are not to be considered in a limiting sense,because numerous variations are possible. The specific routines ormethods described herein may represent one or more of any number ofprocessing strategies. As such, various acts illustrated and/ordescribed may be performed in the sequence illustrated and/or described,in other sequences, in parallel, or omitted. Likewise, the order of theabove-described processes may be changed.

The subject matter of the present disclosure includes all novel andnonobvious combinations and subcombinations of the various processes,systems and configurations, and other features, functions, acts, and/orproperties disclosed herein, as well as any and all equivalents thereof.

The invention claimed is:
 1. On a computing device, a method ofperforming an authentication process, the method comprising: detecting,via an image sensor, an image displayed via a mobile device, the imagecomprising an optically readable tag; decoding the optically readabletag to determine an authentication code for authenticating the computingdevice; sending, to a network-accessible service, an authenticationrequest comprising the authentication code, the authentication requestcomprising a request to authenticate computing device information anduser information for a user; receiving a confirmation of theauthentication request from the network-accessible service; andassociating the user to the computing device based at least uponreceiving the confirmation of the authentication request from thenetwork-accessible service.
 2. The method of claim 1, wherein detectingthe image further comprises detecting a representation of user-inputdata comprising setup information usable to set up the computing device.3. The method of claim 1, wherein the authentication code furthercomprises identification information relating to one or more of themobile device and an application on the mobile device.
 4. The method ofclaim 3, further comprising associating the mobile device to thecomputing device based at least upon receiving the confirmation of theauthentication request from the network-accessible service.
 5. Themethod of claim 1, wherein the authentication code further comprisespurchase information relating to an item purchased by the user, and themethod further comprising validating the purchase information with thenetwork-accessible service.
 6. The method of claim 1, wherein theauthentication code further comprises wireless settings information, andthe method further comprising configuring the computing system inaccordance with the wireless settings information to connect thecomputing system to a wireless network.
 7. The method of claim 1,wherein the optically readable tag comprises a graphical code.
 8. Themethod of claim 1, wherein the optically readable tag comprises one ormore alphanumeric characters.
 9. The method of claim 1, whereinreceiving the authentication code further comprises receiving codeexpiration information specifying an expiration threshold for theauthentication code.
 10. The method of claim 9, wherein the expirationthreshold comprises an expiration time threshold.
 11. A computing systemcomprising: an image sensor; a logic machine; and a storage machinestoring instructions executable by the logic machine to: detect, via theimage sensor, an image displayed via a mobile device, the imagecomprising an optically readable tag; decode the optically readable tagto determine an authentication code for authenticating the computingsystem; send, to a network-accessible service, an authentication requestcomprising the authentication code, the authentication requestcomprising a request to authenticate computing device information anduser information for a user; receive a confirmation of theauthentication request from the network-accessible service; andassociate the user to the computing system based at least upon receivingthe confirmation of the authentication request from thenetwork-accessible service.
 12. The computing system of claim 11,wherein detecting the image further comprises detecting a representationof user-input data comprising setup information usable to set up thecomputing system.
 13. The computing system of claim 11, wherein theimage sensor comprises one or more of a depth camera and atwo-dimensional camera.
 14. The computing system of claim 11, whereinthe authentication code further comprises identification informationrelating to one or more of the mobile device and an application on themobile device, and the instructions are further executable to associatethe mobile device to the computing system based at least upon receivingthe confirmation of the authentication request from thenetwork-accessible service.
 15. The computing system of claim 11,wherein the optically readable tag comprises a graphical code.
 16. Thecomputing system of claim 11, wherein the optically readable tagcomprises one or more alphanumeric characters.
 17. A computer-readablestorage machine storing instructions executable by a logic machine to:detect, via an image sensor of a first device, an image displayed via amobile device, the image comprising an optically readable tag; decodethe optically readable tag to determine an authentication code forauthenticating the first device; send, to a network-accessible service,an authentication request comprising the authentication code, theauthentication request comprising a request to authenticate first deviceinformation and user information for a user; receive a confirmation ofthe authentication request from the network-accessible service; andassociate the user to the first device based at least upon receiving theconfirmation of the authentication request from the network-accessibleservice.
 18. The computer-readable storage machine of claim 17, whereindetecting the image further comprises detecting a representation ofuser-input data comprising setup information usable to set up the firstdevice.
 19. The computer-readable storage machine of claim 17, whereinthe optically readable tag comprises a graphical code.
 20. Thecomputer-readable storage machine of claim 17, wherein the opticallyreadable tag comprises one or more alphanumeric characters.